CVE-2026-2943 | THREATINT

Description

A vulnerability was identified in SapneshNaik Student Management System up to f4b4f0928f0b5551a28ee81ae7e7fe47d9345318. This impacts an unknown function of the file index.php. Such manipulation of the argument Error leads to cross site scripting. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

PUBLISHED Reserved 2026-02-21 | Published 2026-02-22 | Updated 2026-02-22 | Assigner VulDB

MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

MEDIUM: 4.3CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

5.0AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

Problem types

Cross Site Scripting

Code Injection

Product status

f4b4f0928f0b5551a28ee81ae7e7fe47d9345318

affected

Timeline

2026-02-21:	Advisory disclosed
2026-02-21:	VulDB entry created
2026-02-21:	VulDB entry last update

Credits

suc2es2 (VulDB User) reporter

References

vuldb.com/?id.347313 (VDB-347313 | SapneshNaik Student Management System index.php cross site scripting) vdb-entry technical-description

vuldb.com/?ctiid.347313 (VDB-347313 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.754035 (Submit #754035 | SapneshNaik Student-Management-System V1.0 Reflected XSS) third-party-advisory

github.com/...——SapneshNaik_Student-Management-System.md exploit

cve.org (CVE-2026-2943)

nvd.nist.gov (CVE-2026-2943)

Download JSON